[Secure-testing-commits] r11610 - data/CVE
Steffen Joeris
white at alioth.debian.org
Sun Apr 12 03:57:49 UTC 2009
Author: white
Date: 2009-04-12 03:57:49 +0000 (Sun, 12 Apr 2009)
New Revision: 11610
Modified:
data/CVE/list
Log:
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-11 21:14:14 UTC (rev 11609)
+++ data/CVE/list 2009-04-12 03:57:49 UTC (rev 11610)
@@ -1,19 +1,19 @@
CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
TODO: check
CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...)
- TODO: check
+ NOT-FOR-US: glFusion
CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in ...)
- TODO: check
+ NOT-FOR-US: glFusion
CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...)
- TODO: check
+ NOT-FOR-US: glFusion
CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...)
- TODO: check
+ NOT-FOR-US: Gravity Board
CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...)
- TODO: check
+ NOT-FOR-US: Gravity Board
CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...)
TODO: check
CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...)
@@ -21,9 +21,9 @@
CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
TODO: check
CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...)
- TODO: check
+ NOT-FOR-US: Dojo
CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)
- TODO: check
+ NOT-FOR-US: Dojo
CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
TODO: check
CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
@@ -43,69 +43,69 @@
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
TODO: check
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...)
- TODO: check
+ NOT-FOR-US: Fortinet FortiClient
CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...)
- TODO: check
+ NOT-FOR-US: Web Help Desk
CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and ...)
- TODO: check
+ NOT-FOR-US: UltraISO
CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...)
- TODO: check
+ NOT-FOR-US: Insane Visions AdaptBB
CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...)
- TODO: check
+ NOT-FOR-US: Magic ISO Maker
CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: FlexCMS
CVE-2009-1255
RESERVED
CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
TODO: check
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
- TODO: check
+ NOT-FOR-US: QuickerSite
CVE-2008-6677 (Unrestricted file upload vulnerability in ...)
TODO: check
CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive ...)
- TODO: check
+ NOT-FOR-US: QuickerSite
CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite ...)
- TODO: check
+ NOT-FOR-US: QuickerSite
CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood ...)
- TODO: check
+ NOT-FOR-US: QuickerSite
CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: QuickerSite
CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Vertex4 SunAge
CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Vertex4 SunAge
CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Vertex4 SunAge
CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: nweb2fax
CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ...)
- TODO: check
+ NOT-FOR-US: nweb2fax
CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: A+ PHP Scripts News Management System (NMS)
CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA ...)
- TODO: check
+ NOT-FOR-US: Kronos webTA
CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...)
- TODO: check
+ NOT-FOR-US: Ananta CMS
CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: SH-News
CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info ...)
- TODO: check
+ NOT-FOR-US: PHPAuctions
CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote ...)
- TODO: check
+ NOT-FOR-US: AVG Anti-Virus
CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for ...)
- TODO: check
+ NOT-FOR-US: Bitdefender
CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...)
- TODO: check
+ NOT-FOR-US: Alexey Ozerov BigDump
CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...)
- TODO: check
+ NOT-FOR-US: Simple Machines Forum
CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...)
TODO: check
CVE-2009-XXXX [roundup: insufficient access checks in web frontend]
@@ -156,107 +156,107 @@
- linux-2.6 <unfixed>
- linux-2.6.24 <unfixed>
CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
- TODO: check
+ NOT-FOR-US: Open Auto Classifieds
CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)
- TODO: check
+ NOT-FOR-US: GEDCOM_TO_MYSQL
CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
- TODO: check
+ NOT-FOR-US: InfoBiz Server
CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: OneCMS
CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...)
- TODO: check
+ NOT-FOR-US: OxYProject OxYBox
CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...)
- TODO: check
+ NOT-FOR-US: miniBloggie
CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in ...)
- TODO: check
+ NOT-FOR-US: Ktools PhotoStore
CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 ...)
- TODO: check
+ NOT-FOR-US: Ktools PhotoStore
CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 ...)
- TODO: check
+ NOT-FOR-US: Ktools PhotoStore
CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix ...)
- TODO: check
+ NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel ...)
- TODO: check
+ NOT-FOR-US: Opencosmo VisualSentinel
CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...)
- TODO: check
+ NOT-FOR-US: DotNetNuke
CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...)
- TODO: check
+ NOT-FOR-US: LokiCMS
CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x ...)
- TODO: check
+ NOT-FOR-US: DotContent FluentCMS
CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow ...)
- TODO: check
+ NOT-FOR-US: Shader TV
CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote ...)
- TODO: check
+ NOT-FOR-US: BatmanPorTaL
CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
- TODO: check
+ NOT-FOR-US: AjaXplorer
CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...)
- TODO: check
+ NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
- TODO: check
+ NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...)
- TODO: check
+ NOT-FOR-US: Geody Labs Dagger
CVE-2008-6635 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...)
- TODO: check
+ NOT-FOR-US: Geody Labs Dagger
CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: RoomPHPlanning
CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...)
- TODO: check
+ NOT-FOR-US: RoomPHPlanning
CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 ...)
- TODO: check
+ NOT-FOR-US: MercuryBoard
CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: BlogPHP
CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...)
TODO: check
CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6628 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...)
- TODO: check
+ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...)
TODO: check
CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: GraFX miniCWB
CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ...)
- TODO: check
+ NOT-FOR-US: ClassSystem
CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...)
- TODO: check
+ NOT-FOR-US: ClassSystem
CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in ...)
- TODO: check
+ NOT-FOR-US: SiteXS CMS
CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software ...)
- TODO: check
+ NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...)
- TODO: check
+ NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in ...)
- TODO: check
+ NOT-FOR-US: Micro CMS
CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, ...)
- TODO: check
+ NOT-FOR-US: minimal-ablog
CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in ...)
- TODO: check
+ NOT-FOR-US: minimal-ablog
CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows ...)
- TODO: check
+ NOT-FOR-US: minimal-ablog
CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ...)
- TODO: check
+ NOT-FOR-US: phpcksec
CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...)
- TODO: check
+ NOT-FOR-US: phpcksec
CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events ...)
- TODO: check
+ NOT-FOR-US: DevelopItEasy Events Calendar
CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...)
- TODO: check
+ NOT-FOR-US: MatPo Link
CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...)
- TODO: check
+ NOT-FOR-US: MatPo Link
CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...)
TODO: check
CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
@@ -266,39 +266,39 @@
CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...)
NOT-FOR-US: IBM DB2
CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 ...)
- TODO: check
+ NOT-FOR-US: PicoFlat CMS
CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when ...)
TODO: check
CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has ...)
- TODO: check
+ NOT-FOR-US: Download Center Lite
CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Epona
CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
- TODO: check
+ NOT-FOR-US: XMLPortal
CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the ...)
- TODO: check
+ NOT-FOR-US: CookieCheck
CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact ...)
- TODO: check
+ NOT-FOR-US: WANPIPE
CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php ...)
- TODO: check
+ NOT-FOR-US: PHCDownload
CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 ...)
- TODO: check
+ NOT-FOR-US: PHCDownload
CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...)
TODO: check
CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...)
TODO: check
CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
- TODO: check
+ NOT-FOR-US: LightNEasy SQLite
CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" ...)
- TODO: check
+ NOT-FOR-US: LightNEasy SQLite
CVE-2008-6591 (LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite ...)
- TODO: check
+ NOT-FOR-US: LightNEasy SQLite
CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy "no ...)
- TODO: check
+ NOT-FOR-US: LightNEasy SQLite
CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no ...)
- TODO: check
+ NOT-FOR-US: LightNEasy SQLite
CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default "isp" account with a ...)
- TODO: check
+ NOT-FOR-US: Aztech port router
CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...)
TODO: check
CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...)
@@ -308,7 +308,7 @@
CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
TODO: check
CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: BS.player
CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...)
- xine-lib <unfixed> (medium; bug #522811)
NOTE: http://trapkit.de/advisories/TKADV2009-005.txt
More information about the Secure-testing-commits
mailing list